FedRAMP
FedRAMP
Overview
It is a certification program that allows federal agencies to use cloud providers for increasingly secure/sensitive government or government-adjacent data.
FedRAMP defines three categories regarding levels of security, Low, Moderate, and High.
The higher the security level the more restrictions are in place.
Box is already certified as FedRAMP Moderate and High.
Considerations
In order to be FedRAMP High compliant, your administrator must setup Box in very a very specific way. It is possible that the administrator has further restricted access to Box functionalities.
Consult with your administrator to identify security restrictions in place that might affect the usage of the API.
API usage in FedRAMP High
For FedRAMP high, Box uses a specific domain, box-gov.com and this affects
all API's entry points.
| FedRAMP Moderate | FedRAMP High |
|---|---|
| account.box.com | account.box-gov.com |
| api.box.com | api.box-gov.com |
| upload.box.com | upload.box-gov.com |
| dl.boxcloud.com | dl-frh.boxcloud.com |
| realtime.services.box.net | realtime.services.box-gov.com |
API Restrictions
The following API entry points are not yet available for usage under FedRAMP High configuration.
| API Entry point |
|---|
| /sign_requests |
| /signrequests/{signrequest_id} |
| /signrequests/{signrequest_id}/cancel |
| /signrequests/{signrequest_id}/resend |